-rw-r--r-- | nix/readTree/default.nix | 3 | ||||
-rw-r--r-- | ops/secrets/.skip-subtree | 2 | ||||
-rw-r--r-- | ops/secrets/README.md | 1 | ||||
-rw-r--r-- | ops/secrets/besadii.age | bin | 0 -> 850 bytes | |||
-rw-r--r-- | ops/secrets/secrets.nix | 12 |
5 files changed, 17 insertions, 1 deletions
diff --git a/nix/readTree/default.nix b/nix/readTree/default.nix index 2ad8e40f6c28..5468d41fd2c7 100644 --- a/nix/readTree/default.nix +++ b/nix/readTree/default.nix @@ -100,7 +100,8 @@ let }) (filter filterDir (attrNames dir)); # Import Nix files - nixFiles = filter (f: f != null) (map nixFileName (attrNames dir)); + nixFiles = if hasAttr ".skip-subtree" dir then [] + else filter (f: f != null) (map nixFileName (attrNames dir)); nixChildren = map (c: let p = joinChild (c + ".nix"); childParts = parts ++ [ c ]; diff --git a/ops/secrets/.skip-subtree b/ops/secrets/.skip-subtree new file mode 100644 index 000000000000..80f63816f5ba --- /dev/null +++ b/ops/secrets/.skip-subtree @@ -0,0 +1,2 @@ +The Nix configuration in here is read by agenix and not compatible +with readTree. diff --git a/ops/secrets/README.md b/ops/secrets/README.md new file mode 100644 index 000000000000..e59b86541335 --- /dev/null +++ b/ops/secrets/README.md @@ -0,0 +1 @@ +TVL's deployment secrets, encrypted with [agenix](https://github.com/ryantm/agenix/commits/main) diff --git a/ops/secrets/besadii.age b/ops/secrets/besadii.age new file mode 100644 index 000000000000..b8a3a9b56f65 --- /dev/null +++ b/ops/secrets/besadii.age Binary files differdiff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix new file mode 100644 index 000000000000..1cf2b5e44a50 --- /dev/null +++ b/ops/secrets/secrets.nix @@ -0,0 +1,12 @@ +let + tazjin = [ + # tverskoy + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy" + ]; + + whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I"; + + default.publicKeys = tazjin ++ [ whitby ]; +in { + "besadii.age" = default; +} |
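Review bot: In the nix/readTree/default.nix hunk the `.skip-subtree` marker only empties `nixFiles`; the expression ending in `(filter filterDir (attrNames dir))` directly above is unchanged, so subdirectories of a marked directory still appear to be traversed. That is narrower than the marker name suggests, and for ops/secrets it means a subdirectory with Nix files added later would, as far as the hunk shows, still be read by readTree. Either apply the same `hasAttr ".skip-subtree" dir` guard to the directory list, or state the limit in a comment such as `# .skip-subtree: skips sibling *.nix files only; subdirectories are still read`. The enclosing `let` block starts and ends outside the hunk, so how the directory's own `default.nix` is handled cannot be checked from here.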
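Review bot: In ops/secrets/secrets.nix, `default.publicKeys = tazjin ++ [ whitby ];` is the access-control list for every secret assigned `default`, but the file does not say which recipients are personal keys and which are host keys. Only `# tverskoy` is labelled; add a matching comment above `whitby`, for example `# whitby (host key, decrypts at activation)` if that is its role. A short header comment would also help: changing a recipient list requires re-encrypting the existing `.age` files (`agenix --rekey`), and removing a key does not revoke access to ciphertext already in the repository history, so the secret itself has to be rotated.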